Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Change ConditionResolvers to be Able to Accept type "any" and Context to Accept "any" as Well #15

Closed
yaser-ali-s opened this issue Mar 24, 2020 · 2 comments · Fixed by #32
Closed

[Feature Request] Change ConditionResolvers to be Able to Accept type "any" and Context to Accept "any" as Well #15

yaser-ali-s opened this issue Mar 24, 2020 · 2 comments · Fixed by #32
Labels
enhancement New feature or request

Comments

@yaser-ali-s
Copy link

yaser-ali-s commented Mar 24, 2020
edited

Currently, the ConditionKey and ConditionResolver types only allow for certain types to be passed through:

export type ConditionKey = string | number | boolean;
type Resolver = (data: ConditionKey, expected: ConditionKey) => boolean;

Since the resolvers themselves are not provided by the package, it might as well be permissible to use type any as the arguments, with the return type staying as boolean.

That, of course, means to change type Context, as well, to accept any.

The other option would be to augment the package, but I'm having difficulty doing that, and I'm not sure what's causing the issues.
@yaser-ali-s
Copy link
Author

For anyone in the future, I augmented them through the following method:

// External Imports
import { EffectBlock, ActionBlock, ResourceBlock, NotResourceBlock, Patterns } from 'iam-policies/dist/src/types';
// Project Imports
import { conditionResolvers }                                                                     from './iam/conditions';

declare module 'iam-policies' {
    interface ConditionMap {
        [key: string]: any;
    }
    
    type ConditionBlock = {
        [key in keyof typeof conditionResolvers]?: ConditionMap;
    }

    interface StatementInterface {
        sid?: string;
        effect?: EffectBlock;
        condition?: ConditionBlock;
    }

    type ConditionResolver = typeof conditionResolvers;

    interface NotActionBlock {
        notAction: Patterns;
    }

    type IdentityBasedType = StatementInterface & (ActionBlock | NotActionBlock) & (ResourceBlock | NotResourceBlock);
    export interface Context {
        [key: string]: any;
    }
    export interface EvaluateIdentityBasedInterface {
        action: string;
        resource: string;
        context?: Context;
    }

    class IdentityBasedPolicy {
        constructor(config: IdentityBasedType[], conditionResolver?: ConditionResolver);
        evaluate({ action, resource, context, }: EvaluateIdentityBasedInterface): boolean;
        can({ action, resource, context }: EvaluateIdentityBasedInterface): boolean;
        cannot({ action, resource, context, }: EvaluateIdentityBasedInterface): boolean;
    }

    type PrincipalMap = {
        [key in EEntityPolicyEnumPrincipal]?: EClient | EClient[] | string | string[];
    }
    interface PrincipalBlock {
        principal: PrincipalMap | Patterns;
    }
    interface NotPrincipalBlock {
        principal: PrincipalMap | Patterns;
    }

    type ResourceBasedType = StatementInterface & (PrincipalBlock | NotPrincipalBlock) & (ActionBlock | NotActionBlock) & (ResourceBlock | NotResourceBlock | {});

    export interface EvaluateResourceBasedInterface extends EvaluateIdentityBasedInterface {
        principal: string;
        principalType?: string;
    }

    class ResourceBasedPolicy {
        constructor(config: ResourceBasedType[], conditionResolver?: ConditionResolver);
        evaluate({ principal, action, resource, principalType, context, }: EvaluateResourceBasedInterface): boolean;
        can({ principal, action, resource, principalType, context, }: EvaluateResourceBasedInterface): boolean;
        cannot({ principal, action, resource, principalType, context, }: EvaluateResourceBasedInterface): boolean;
    }
}

roggervalf added a commit that referenced this issue Nov 9, 2020
@roggervalf
feat(context): allow passing objects as context
b78d5fb 
using Record in conditionBlock, not only allowing string, number and boolean values

re #15
@roggervalf roggervalf linked a pull request Nov 10, 2020 that will close this issue
Extends context as an object #32
Merged
@roggervalf roggervalf added the enhancement New feature or request label Nov 10, 2020
roggervalf pushed a commit that referenced this issue Nov 10, 2020
@semantic-release-bot
chore(release): 4.1.0 [skip ci]
2dbd6f9 
# [4.1.0](v4.0.3...v4.1.0) (2020-11-10)

### Features

* **condition:** extends condition block type to accept unknown values ([38a6daa](38a6daa))
* **context:** allow passing objects as context ([b78d5fb](b78d5fb)), closes [#15](#15)
@roggervalf
Copy link
Owner

Hi @yaser-ali-s, sorry for the delay in address this, hope the last release could help you. Thank you for this feature request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Extends context as an object roggervalf/iam-policies
2 participants
@roggervalf @yaser-ali-s